|
Pests of all kinds and how to fight them: Telekom invoice February 2013 - PDF - attachment opened - no alert from Security Essentials (Windows 7) |
05.03.2013, 12:48 | #1 |
| Hello, in a moment of mental derangement I opened the Telekom mail with the invoice and even ran the attachment. Something like this has never happened to me before, but whining doesn't help now either. I use Security Essentials and actually keep all programs up to date. Since opening the attachment I have not been able to detect any changes to my system. It was a few days ago already; I only read about the trojan in the PDF by chance last night. Here are the logs of the programs as described in the instructions. I hope you can help me. A full scan with Security Essentials produced no alert at all. I can't insert the logs with [Code] because the post then gets too long. Or should I only post them when instructed? Sorry, this is my first time. Many thanks in advance. Yours, Dachratte |
05.03.2013, 14:29 | #2 |
/// Malware-holic | Hello and
hi, open Adobe Reader and check which version you are using. Do you still have this PDF file? If so, please upload it: http://www.trojaner-board.de/54791-a...tml#post349565 Alternatively, or in addition, you can send this mail to Markus => markusg - trojaner-board.de
__________________ Edited by Da GuRu (14.06.2013 at 13:16) |
05.03.2013, 14:37 | #3 |
| Hello,
first of all, many thanks for the super-fast response. I hadn't expected that at all. I no longer have the mail or the attachment. I deleted it immediately when I noticed that the invoice was not for us, or rather not correct. I wrote down all the Acrobat Reader version information (there are several entries when you click through): Version 11.0.2, Version 11.0.01.36, AGM Version 4.28.131, Cool Type Version 5.11.131, base version 11.1, JP2K Version 2.0.0.26752. Regards, Dachratte |
05.03.2013, 18:26 | #4 |
/// Malware-holic | then everything should be clean, we'll take a look. Please download TDSSKiller.exe and save this file to the desktop
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
05.03.2013, 19:00 | #5 |
| Hello, here is the log from TDSSKiller:
18:57:50.0362 2436 NdisTapi - ok 18:57:50.0365 2436 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:57:50.0393 2436 Ndisuio - ok 18:57:50.0397 2436 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:57:50.0427 2436 NdisWan - ok 18:57:50.0430 2436 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:57:50.0457 2436 NDProxy - ok 18:57:50.0460 2436 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys 18:57:50.0468 2436 Netaapl - ok 18:57:50.0471 2436 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:57:50.0499 2436 NetBIOS - ok 18:57:50.0503 2436 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:57:50.0533 2436 NetBT - ok 18:57:50.0536 2436 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 18:57:50.0545 2436 Netlogon - ok 18:57:50.0551 2436 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:57:50.0584 2436 Netman - ok 18:57:50.0596 2436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:57:50.0604 2436 NetMsmqActivator - ok 18:57:50.0608 2436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:57:50.0616 2436 NetPipeActivator - ok 18:57:50.0622 2436 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:57:50.0655 2436 netprofm - ok 18:57:50.0659 2436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:57:50.0666 2436 NetTcpActivator - ok 18:57:50.0669 2436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 18:57:50.0677 2436 NetTcpPortSharing - ok 18:57:50.0775 2436 [ FAD6C5610D020534401966CD72A1C306 ] NETwNs64 
C:\Windows\system32\DRIVERS\Netwsw00.sys 18:57:50.0900 2436 NETwNs64 - ok 18:57:50.0905 2436 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 18:57:50.0913 2436 nfrd960 - ok 18:57:50.0917 2436 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 18:57:50.0926 2436 NisDrv - ok 18:57:50.0931 2436 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 18:57:50.0945 2436 NisSrv - ok 18:57:50.0950 2436 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:57:50.0962 2436 NlaSvc - ok 18:57:50.0965 2436 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:57:50.0993 2436 Npfs - ok 18:57:50.0996 2436 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:57:51.0025 2436 nsi - ok 18:57:51.0027 2436 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:57:51.0055 2436 nsiproxy - ok 18:57:51.0072 2436 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:57:51.0103 2436 Ntfs - ok 18:57:51.0106 2436 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 18:57:51.0134 2436 Null - ok 18:57:51.0137 2436 [ D584ABB6A308933A5F72B46C9E5A783F ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 18:57:51.0145 2436 nusb3hub - ok 18:57:51.0149 2436 [ 345B9C04E2036DA4346E3249A5BDFD06 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 18:57:51.0158 2436 nusb3xhc - ok 18:57:51.0163 2436 [ 37DB55A42EAD9ED89B1883875F544B56 ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys 18:57:51.0173 2436 nvkflt - ok 18:57:51.0261 2436 [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:57:51.0395 2436 nvlddmkm - ok 18:57:51.0400 2436 [ EB12E165FD233F2DDC47B11423186177 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 18:57:51.0407 2436 nvpciflt - ok 18:57:51.0411 2436 [ 
0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:57:51.0421 2436 nvraid - ok 18:57:51.0424 2436 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:57:51.0435 2436 nvstor - ok 18:57:51.0445 2436 [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc C:\Windows\system32\nvvsvc.exe 18:57:51.0464 2436 nvsvc - ok 18:57:51.0477 2436 [ ABA5A88740635D37A2B6CEB27DBC738A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 18:57:51.0501 2436 nvUpdatusService - ok 18:57:51.0505 2436 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:57:51.0514 2436 nv_agp - ok 18:57:51.0517 2436 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:57:51.0527 2436 ohci1394 - ok 18:57:51.0531 2436 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:57:51.0539 2436 ose - ok 18:57:51.0578 2436 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 18:57:51.0652 2436 osppsvc - ok 18:57:51.0660 2436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:57:51.0673 2436 p2pimsvc - ok 18:57:51.0680 2436 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:57:51.0694 2436 p2psvc - ok 18:57:51.0697 2436 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 18:57:51.0708 2436 Parport - ok 18:57:51.0711 2436 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:57:51.0720 2436 partmgr - ok 18:57:51.0724 2436 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:57:51.0739 2436 PcaSvc - ok 18:57:51.0743 2436 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:57:51.0753 2436 pci - ok 18:57:51.0756 2436 [ 
B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:57:51.0764 2436 pciide - ok 18:57:51.0768 2436 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 18:57:51.0779 2436 pcmcia - ok 18:57:51.0782 2436 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:57:51.0791 2436 pcw - ok 18:57:51.0803 2436 [ A1688A4FB2EC49D040C027EF6DC7A87B ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe 18:57:51.0827 2436 PDF Architect Helper Service - ok 18:57:51.0836 2436 [ E23FF9B2F8EEAB2BDDA681C21C48E843 ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe 18:57:51.0852 2436 PDF Architect Service - ok 18:57:51.0860 2436 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:57:51.0895 2436 PEAUTH - ok 18:57:51.0933 2436 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:57:51.0943 2436 PerfHost - ok 18:57:51.0961 2436 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:57:52.0002 2436 pla - ok 18:57:52.0008 2436 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:57:52.0022 2436 PlugPlay - ok 18:57:52.0025 2436 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:57:52.0035 2436 PNRPAutoReg - ok 18:57:52.0040 2436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:57:52.0052 2436 PNRPsvc - ok 18:57:52.0058 2436 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:57:52.0091 2436 PolicyAgent - ok 18:57:52.0096 2436 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 18:57:52.0127 2436 Power - ok 18:57:52.0130 2436 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:57:52.0159 2436 PptpMiniport - ok 18:57:52.0162 2436 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor 
C:\Windows\system32\DRIVERS\processr.sys 18:57:52.0172 2436 Processor - ok 18:57:52.0176 2436 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 18:57:52.0187 2436 ProfSvc - ok 18:57:52.0190 2436 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:57:52.0199 2436 ProtectedStorage - ok 18:57:52.0203 2436 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:57:52.0231 2436 Psched - ok 18:57:52.0234 2436 [ 0928BD20273625622722FE1DE5BBDE57 ] qicflt C:\Windows\system32\DRIVERS\qicflt.sys 18:57:52.0240 2436 qicflt - ok 18:57:52.0255 2436 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 18:57:52.0284 2436 ql2300 - ok 18:57:52.0287 2436 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 18:57:52.0297 2436 ql40xx - ok 18:57:52.0301 2436 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:57:52.0317 2436 QWAVE - ok 18:57:52.0320 2436 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:57:52.0333 2436 QWAVEdrv - ok 18:57:52.0336 2436 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:57:52.0365 2436 RasAcd - ok 18:57:52.0368 2436 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:57:52.0396 2436 RasAgileVpn - ok 18:57:52.0399 2436 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:57:52.0430 2436 RasAuto - ok 18:57:52.0433 2436 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:57:52.0462 2436 Rasl2tp - ok 18:57:52.0467 2436 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:57:52.0499 2436 RasMan - ok 18:57:52.0502 2436 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:57:52.0531 2436 RasPppoe - ok 18:57:52.0535 2436 [ E8B1E447B008D07FF47D016C2B0EEECB 
] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:57:52.0564 2436 RasSstp - ok 18:57:52.0569 2436 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:57:52.0599 2436 rdbss - ok 18:57:52.0602 2436 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 18:57:52.0614 2436 rdpbus - ok 18:57:52.0617 2436 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:57:52.0645 2436 RDPCDD - ok 18:57:52.0649 2436 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:57:52.0676 2436 RDPENCDD - ok 18:57:52.0680 2436 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:57:52.0707 2436 RDPREFMP - ok 18:57:52.0713 2436 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 18:57:52.0723 2436 RdpVideoMiniport - ok 18:57:52.0727 2436 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:57:52.0738 2436 RDPWD - ok 18:57:52.0742 2436 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:57:52.0753 2436 rdyboost - ok 18:57:52.0757 2436 [ 0C2B4C3B10D183BE116A38353E937F62 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 18:57:52.0766 2436 RegSrvc - ok 18:57:52.0769 2436 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:57:52.0800 2436 RemoteAccess - ok 18:57:52.0804 2436 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:57:52.0834 2436 RemoteRegistry - ok 18:57:52.0838 2436 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 18:57:52.0851 2436 RFCOMM - ok 18:57:52.0854 2436 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:57:52.0883 2436 RpcEptMapper - ok 18:57:52.0886 2436 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 
18:57:52.0896 2436 RpcLocator - ok 18:57:52.0902 2436 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 18:57:52.0934 2436 RpcSs - ok 18:57:52.0938 2436 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:57:52.0967 2436 rspndr - ok 18:57:52.0974 2436 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 18:57:52.0987 2436 RTL8167 - ok 18:57:52.0990 2436 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:57:52.0999 2436 SamSs - ok 18:57:53.0002 2436 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:57:53.0011 2436 sbp2port - ok 18:57:53.0016 2436 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:57:53.0047 2436 SCardSvr - ok 18:57:53.0050 2436 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:57:53.0078 2436 scfilter - ok 18:57:53.0089 2436 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:57:53.0130 2436 Schedule - ok 18:57:53.0133 2436 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:57:53.0161 2436 SCPolicySvc - ok 18:57:53.0165 2436 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 18:57:53.0178 2436 sdbus - ok 18:57:53.0182 2436 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:57:53.0193 2436 SDRSVC - ok 18:57:53.0196 2436 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:57:53.0225 2436 secdrv - ok 18:57:53.0228 2436 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:57:53.0256 2436 seclogon - ok 18:57:53.0259 2436 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 18:57:53.0289 2436 SENS - ok 18:57:53.0292 2436 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:57:53.0302 2436 SensrSvc - ok 
18:57:53.0304 2436 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 18:57:53.0314 2436 Serenum - ok 18:57:53.0317 2436 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 18:57:53.0328 2436 Serial - ok 18:57:53.0331 2436 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 18:57:53.0340 2436 sermouse - ok 18:57:53.0347 2436 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:57:53.0377 2436 SessionEnv - ok 18:57:53.0380 2436 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:57:53.0389 2436 sffdisk - ok 18:57:53.0392 2436 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:57:53.0401 2436 sffp_mmc - ok 18:57:53.0403 2436 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:57:53.0414 2436 sffp_sd - ok 18:57:53.0417 2436 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 18:57:53.0426 2436 sfloppy - ok 18:57:53.0431 2436 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:57:53.0464 2436 SharedAccess - ok 18:57:53.0470 2436 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:57:53.0502 2436 ShellHWDetection - ok 18:57:53.0505 2436 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:57:53.0514 2436 SiSRaid2 - ok 18:57:53.0517 2436 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 18:57:53.0526 2436 SiSRaid4 - ok 18:57:53.0529 2436 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:57:53.0538 2436 SkypeUpdate - ok 18:57:53.0541 2436 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:57:53.0570 2436 Smb - ok 18:57:53.0578 2436 [ FDB6E127DF739D4911319F0C8D339CAF ] snapman 
C:\Windows\system32\DRIVERS\snapman.sys 18:57:53.0589 2436 snapman - ok 18:57:53.0592 2436 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:57:53.0603 2436 SNMPTRAP - ok 18:57:53.0606 2436 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:57:53.0614 2436 spldr - ok 18:57:53.0621 2436 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 18:57:53.0637 2436 Spooler - ok 18:57:53.0667 2436 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:57:53.0731 2436 sppsvc - ok 18:57:53.0734 2436 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:57:53.0764 2436 sppuinotify - ok 18:57:53.0770 2436 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:57:53.0783 2436 srv - ok 18:57:53.0790 2436 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:57:53.0802 2436 srv2 - ok 18:57:53.0806 2436 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:57:53.0816 2436 srvnet - ok 18:57:53.0820 2436 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:57:53.0852 2436 SSDPSRV - ok 18:57:53.0855 2436 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:57:53.0885 2436 SstpSvc - ok 18:57:53.0888 2436 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 18:57:53.0896 2436 stexstor - ok 18:57:53.0904 2436 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:57:53.0924 2436 stisvc - ok 18:57:53.0926 2436 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 18:57:53.0934 2436 swenum - ok 18:57:53.0942 2436 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 18:57:53.0955 2436 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 18:57:53.0955 2436 
SwitchBoard - detected UnsignedFile.Multi.Generic (1) 18:57:53.0962 2436 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:57:53.0996 2436 swprv - ok 18:57:54.0055 2436 [ A214C8AA6A6C06C9DBAB1310E38DAB4A ] syncagentsrv C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe 18:57:54.0158 2436 syncagentsrv - ok 18:57:54.0174 2436 [ B0C7D4DCF4800DF2F2145B500D0161E8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 18:57:54.0197 2436 SynTP - ok 18:57:54.0214 2436 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:57:54.0246 2436 SysMain - ok 18:57:54.0250 2436 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:57:54.0265 2436 TabletInputService - ok 18:57:54.0270 2436 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:57:54.0302 2436 TapiSrv - ok 18:57:54.0305 2436 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:57:54.0335 2436 TBS - ok 18:57:54.0353 2436 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:57:54.0388 2436 Tcpip - ok 18:57:54.0405 2436 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:57:54.0436 2436 TCPIP6 - ok 18:57:54.0440 2436 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:57:54.0449 2436 tcpipreg - ok 18:57:54.0453 2436 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:57:54.0462 2436 TDPIPE - ok 18:57:54.0475 2436 [ 843DAFC2CD4ED5D57FA40FD2000C6296 ] tdrpman C:\Windows\system32\DRIVERS\tdrpman.sys 18:57:54.0499 2436 tdrpman - ok 18:57:54.0502 2436 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:57:54.0511 2436 TDTCP - ok 18:57:54.0515 2436 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:57:54.0543 2436 tdx - ok 18:57:54.0546 2436 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD 
C:\Windows\system32\drivers\termdd.sys 18:57:54.0555 2436 TermDD - ok 18:57:54.0563 2436 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:57:54.0598 2436 TermService - ok 18:57:54.0601 2436 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:57:54.0615 2436 Themes - ok 18:57:54.0618 2436 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:57:54.0647 2436 THREADORDER - ok 18:57:54.0657 2436 [ 31C9790525705B292F3B30F6676873CD ] tib_mounter C:\Windows\system32\DRIVERS\tib_mounter.sys 18:57:54.0678 2436 tib_mounter - ok 18:57:54.0682 2436 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:57:54.0713 2436 TrkWks - ok 18:57:54.0717 2436 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:57:54.0746 2436 TrustedInstaller - ok 18:57:54.0750 2436 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:57:54.0778 2436 tssecsrv - ok 18:57:54.0782 2436 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:57:54.0792 2436 TsUsbFlt - ok 18:57:54.0795 2436 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:57:54.0824 2436 tunnel - ok 18:57:54.0827 2436 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 18:57:54.0841 2436 TurboB - ok 18:57:54.0845 2436 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 18:57:54.0853 2436 TurboBoost - ok 18:57:54.0856 2436 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 18:57:54.0865 2436 uagp35 - ok 18:57:54.0870 2436 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:57:54.0901 2436 udfs - ok 18:57:54.0907 2436 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:57:54.0919 2436 UI0Detect - ok 
18:57:54.0922 2436 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:57:54.0931 2436 uliagpkx - ok 18:57:54.0934 2436 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 18:57:54.0944 2436 umbus - ok 18:57:54.0947 2436 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 18:57:54.0956 2436 UmPass - ok 18:57:54.0962 2436 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:57:54.0995 2436 upnphost - ok 18:57:54.0998 2436 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 18:57:55.0003 2436 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 18:57:55.0003 2436 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 18:57:55.0006 2436 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:57:55.0016 2436 usbccgp - ok 18:57:55.0020 2436 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:57:55.0033 2436 usbcir - ok 18:57:55.0035 2436 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 18:57:55.0045 2436 usbehci - ok 18:57:55.0051 2436 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:57:55.0064 2436 usbhub - ok 18:57:55.0068 2436 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:57:55.0077 2436 usbohci - ok 18:57:55.0079 2436 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:57:55.0092 2436 usbprint - ok 18:57:55.0095 2436 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:57:55.0105 2436 USBSTOR - ok 18:57:55.0107 2436 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:57:55.0118 2436 usbuhci - ok 18:57:55.0123 2436 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 18:57:55.0136 2436 
usbvideo - ok 18:57:55.0139 2436 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:57:55.0169 2436 UxSms - ok 18:57:55.0172 2436 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:57:55.0181 2436 VaultSvc - ok 18:57:55.0184 2436 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:57:55.0192 2436 vdrvroot - ok 18:57:55.0199 2436 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:57:55.0233 2436 vds - ok 18:57:55.0237 2436 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:57:55.0249 2436 vga - ok 18:57:55.0251 2436 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:57:55.0280 2436 VgaSave - ok 18:57:55.0285 2436 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:57:55.0296 2436 vhdmp - ok 18:57:55.0298 2436 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:57:55.0307 2436 viaide - ok 18:57:55.0311 2436 [ 927CBC96C4635F235301411E530FB56E ] vididr C:\Windows\system32\DRIVERS\vididr.sys 18:57:55.0320 2436 vididr - ok 18:57:55.0324 2436 [ 88B4E5C396003BCF479CA4D9BE851D57 ] vidsflt C:\Windows\system32\DRIVERS\vidsflt.sys 18:57:55.0332 2436 vidsflt - ok 18:57:55.0335 2436 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:57:55.0344 2436 volmgr - ok 18:57:55.0349 2436 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:57:55.0362 2436 volmgrx - ok 18:57:55.0367 2436 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:57:55.0378 2436 volsnap - ok 18:57:55.0382 2436 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 18:57:55.0393 2436 vsmraid - ok 18:57:55.0407 2436 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:57:55.0452 2436 VSS - ok 18:57:55.0455 2436 [ 
18:57:56.0901 6320 Actual detected object count: 5
18:58:33.0670 6320 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:33.0670 6320 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:33.0671 6320 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:33.0671 6320 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:33.0672 6320 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:33.0672 6320 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:33.0672 6320 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:33.0672 6320 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:58:33.0673 6320 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user
18:58:33.0673 6320 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip |
05.03.2013, 20:07 | #6 |
/// Malware-holic | Hi, scan with Combofix |
05.03.2013, 20:55 | #7 |
| Hello, here is the log from combofix: Code:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-08-23 403888] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-01-08 172016] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-01-08 399856] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-08 441840] "IntelMyWiFiDashboard"="c:\program files\Intel\WiFi\bin\CCDashServer.exe" [2012-03-02 4965376] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: LastPass - file://c:\users\***\AppData\LocalLow\LastPass\context.html?cmd=lastpass IE: LastPass Ausfüllformulare - file://c:\users\***\AppData\LocalLow\LastPass\context.html?cmd=fillforms IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 Trusted Zone: dell.com TCP: DhcpNameServer = 192.168.1.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Wow6432Node-HKCU-Run-AdobeBridge - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-05 20:52:32 ComboFix-quarantined-files.txt 2013-03-05 19:52 . Vor Suchlauf: 12 Verzeichnis(se), 186.126.270.464 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 186.588.639.232 Bytes frei . - - End Of File - - 9EA7E9C040AC32886064AC670483CB8C |
06.03.2013, 17:54 | #8 |
/// Malware-holic | Hi, Malwarebytes: please download Malwarebytes
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
06.03.2013, 21:25 | #9 |
| Hello, here is the Malwarebytes log as well; it says everything is clean. I hope that is a good sign. Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.06.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421

Schutz: Aktiviert

06.03.2013 20:37:35
mbam-log-2013-03-06 (20-37-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377796
Laufzeit: 13 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Dachratte |
08.03.2013, 20:58 | #10 |
/// Malware-holic | Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, Tools (Extras), Uninstall list, save as txt. Open the file. After every program you need, write "notwendig" (necessary). After every program you do not need, write "unnötig" (unnecessary). After every program you do not know, write "unbekannt" (unknown). Post the list.
|
11.03.2013, 10:16 | #11 |
| Good morning, I found nothing that is unnecessary or unknown, apart from the programs installed in the course of this search, which I did not have on the machine before. The rest is known and needed. Code:
4Team Outlook Duplicate Remover 4Team Corporation 18.01.2013 8,28MB 3.10.0112 necessary
Adobe AIR Adobe Systems Incorporated 01.03.2013 3.1.0.4880 necessary
Adobe Download Assistant Adobe Systems Incorporated 01.03.2013 01.02.2005 necessary
Adobe Dreamweaver CS6 Adobe Systems Incorporated 01.03.2013 456MB 12 necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 27.02.2013 6,00MB 11.6.602.171 necessary
Adobe Help Manager Adobe Systems Incorporated 01.03.2013 4.0.244 necessary
Adobe Photoshop CS5.1 Adobe Systems Incorporated 23.01.2013 2,10GB 12. Jan necessary
Adobe Photoshop Lightroom 3.3 64-bit Adobe 22.01.2013 358MB 03.03.2001 necessary
Adobe Reader XI (11.0.02) - Deutsch Adobe Systems Incorporated 21.02.2013 133MB 11.0.02 necessary
Adobe Widget Browser Adobe Systems Incorporated. 01.03.2013 2.0 Build 348 necessary
Akamai NetSession Interface Akamai Technologies, Inc 18.01.2013 necessary
Apple Application Support Apple Inc. 25.02.2013 62,7MB 02.03.2003 necessary
Apple Mobile Device Support Apple Inc. 25.02.2013 25,2MB 6.1.0.13 necessary
Apple Software Update Apple Inc. 18.01.2013 2,38MB 2.1.3.127 necessary
AVerMedia H339 Hybrid TV Tuner 2.2.64.64 AVerMedia TECHNOLOGIES, Inc. 17.02.2013 2.2.64.64 necessary
Bonjour Apple Inc. 18.01.2013 2,00MB 3.0.0.10 necessary
CCleaner Piriform 25.02.2013 Mrz 28 unnecessary
CodeTwo Sync for iCloud CodeTwo 18.01.2013 10,3MB 1.3.2.2 necessary
Curse Client Curse 06.03.2013 5.1.1.644 necessary
CyberLink PowerDVD 9.6 CyberLink Corp. 18.01.2013 202MB 9.6.1.5425 necessary
DATEV Belegtransfer V.3.21 DATEV eG 18.01.2013 3,12MB 02. Mrz necessary
DATEV Installation V.2.74 18.01.2013 necessary
DATEV Sicherheitspaket - compact DATEV eG 18.01.2013 20,6MB 2.00.0010 necessary
Dell System Detect Dell 19.01.2013 3.3.2.1 necessary
Dropbox Dropbox, Inc. 24.01.2013 01.06.2016 necessary
FileZilla Client 3.6.0.2 FileZilla Project 21.01.2013 17,1MB 3.6.0.2 necessary
Google Chrome Google Inc. 18.01.2013 25.0.1364.152 necessary
iCloud Apple Inc. 18.01.2013 81,9MB 2.1.1.3 necessary
Intel(R) Processor Graphics Intel Corporation 18.01.2013 9.17.10.2932 necessary
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed Intel Corporation 18.01.2013 5,47MB 15.3.0.0398 necessary
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology Intel Corporation 18.01.2013 90,1MB 1.2.1.0608 necessary
Intel(R) Rapid Storage Technology Intel Corporation 19.01.2013 10.1.2.1004 necessary
Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel Corporation 18.01.2013 2.0.0.37149 necessary
Intel® PROSet/Wireless WiFi-Software Intel Corporation 19.01.2013 405MB 15.01.0000.0830 necessary
iTunes Apple Inc. 25.02.2013 187MB 11.0.2.26 necessary
Java 7 Update 15 Oracle 21.02.2013 129MB 7.0.150 necessary
JMicron Flash Media Controller Driver JMicron Technology Corp. 18.01.2013 1.0.55.0 necessary
KompoZer 0.8b3 KompoZer 08.02.2013 21,8MB necessary
LastPass(Nur deinstallieren) LastPass 18.01.2013 necessary
lightshot-3.4.0.0 Skillbrains 28.02.2013 3,21MB 3.4.0.0 necessary
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 06.03.2013 18,4MB 1.70.0.1100 unnecessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 18.01.2013 38,8MB 4.0.30319 necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 18.01.2013 2,93MB 4.0.30319 necessary
Microsoft .NET Framework 4 Extended Microsoft Corporation 19.01.2013 51,9MB 4.0.30319 necessary
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 19.01.2013 10,6MB 4.0.30319 necessary
Microsoft Office Home and Business 2010 Microsoft Corporation 18.01.2013 14.0.6029.1000 necessary
Microsoft Security Essentials Microsoft Corporation 15.02.2013 4.2.223.1 necessary
Microsoft Silverlight Microsoft Corporation 18.01.2013 50,6MB 5.1.10411.0 necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.01.2013 298KB 8.0.61001 necessary
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 22.01.2013 570KB 8.0.61000 necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 18.01.2013 780KB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 19.01.2013 788KB 9.0.30729.6161 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12.02.2013 240KB 9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 18.01.2013 588KB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 19.01.2013 600KB 9.0.30729.6161 necessary
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 23.01.2013 20,5MB 10.0.40219 necessary
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 23.01.2013 15,0MB 10.0.40219 necessary
NVIDIA Grafiktreiber 314.07 NVIDIA Corporation 19.02.2013 314.07 necessary
NVIDIA HD-Audiotreiber 1.3.23.1 NVIDIA Corporation 19.02.2013 1.3.23.1 necessary
NVIDIA PhysX-Systemsoftware 9.12.1031 NVIDIA Corporation 17.02.2013 9.12.1031 necessary
NVIDIA Update 1.12.12 NVIDIA Corporation 19.02.2013 01.12.2012 necessary
PDF Architect pdfforge 21.01.2013 91,1MB 1.0.52.8917 necessary
PDFCreator pdfforge 21.01.2013 01.06.2002 necessary
Profi cash 18.01.2013 necessary
Profi cash international 18.01.2013 necessary
Quickset64 Dell Inc. 18.01.2013 10,2MB 11.0.10 necessary
QuickTime Apple Inc. 25.02.2013 73,1MB 7.73.80.64 necessary
Realtek Ethernet Controller Driver Realtek 18.01.2013 7.41.216.2011 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 18.01.2013 6.0.1.6312 necessary
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 18.01.2013 1,12MB 2.1.27.0 necessary
Samsung SSD Magician Samsung Electronics 18.01.2013 45,8MB 03. Feb necessary
SES Driver Western Digital 16.02.2013 28,0KB 1.0.0 necessary
Skype™ 6.1 Skype Technologies S.A. 18.01.2013 21,1MB 6.1.129 necessary
Spotify Spotify AB 13.02.2013 0.8.5.1356.gd1d40f3a necessary
Synaptics Pointing Device Driver Synaptics Incorporated 18.01.2013 46,4MB 15.2.6.0 necessary
System Requirements Lab for Intel Husdawg, LLC 18.01.2013 1,02MB 4.5.13.0 necessary
System Requirements Lab for Intel (64-bit) Husdawg, LLC 18.01.2013 1,19MB 4.5.13.0 necessary
TeamSpeak 3 Client TeamSpeak Systems GmbH 12.02.2013 3.0.6 necessary
True Image 2013 Acronis 18.01.2013 318MB 16.0.5551 necessary
WD SmartWare Western Digital 16.02.2013 39,6MB 1.4.1.1 necessary
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) Western Digital Technologies 16.02.2013 03/06/2009 1.0.0008.0 necessary
WinRAR 4.20 (64-Bit) win.rar GmbH 23.01.2013 4.20.0 necessary
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 Intel 18.01.2013 13,2MB 2.1.23.0 necessary |
11.03.2013, 17:26 | #12 |
/// Malware-holic | Uninstall: Adobe Flash Player, all of them.
Adobe - Install Adobe Flash Player: download the latest version and install it.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Security (Enhanced): tick Enhanced Security and select "All files".
Internet: everything here should be disabled; it is very unsafe to have PDFs opened, downloaded etc. automatically. It is always better to save them directly, because only then do you have control over what is happening on the PC.
JavaScript: remove the tick at "use JavaScript".
Updater: choose "install automatically".
Apply / OK.
Uninstall: Java.
Download the Java JRE: Java downloads for all operating systems. Click: download the Java software for Windows Offline, then install it.
Please open CCleaner: Analyze, start, then restart the PC.
Please download AdwCleaner to your desktop.
|
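The Reader settings named in post #12 (JavaScript off, Enhanced Security on, Protected View for all files) can be checked from the registry instead of by clicking through the dialog. The read-only script below is an added example, not part of the thread. The registry value names under `HKCU:\Software\Adobe\Acrobat Reader\11.0` and the `FeatureLockDown` policy key are assumptions about how Reader XI stores these options; verify them against Adobe's preference reference for the installed version.

```powershell
# Added example: read-only audit of three Adobe Reader XI hardening settings from post #12.
# ASSUMPTION: the registry value names below back the corresponding dialog options in
# Reader XI (11.0); confirm them for your version before relying on the result.

$ReaderRoot = 'HKCU:\Software\Adobe\Acrobat Reader\11.0'
# ASSUMPTION: a value under this machine-wide policy key overrides the per-user one.
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown'

# One entry per setting: per-user location and wanted value, plus the policy
# equivalent (the JavaScript policy value has the opposite polarity).
$Checks = @(
    @{ Setting = 'JavaScript disabled';               SubKey = 'JSPrefs';      Name = 'bEnableJS';
       Want = 0; PolicyName = 'bDisableJavaScript';          PolicyWant = 1 },
    @{ Setting = 'Enhanced Security (standalone)';    SubKey = 'TrustManager'; Name = 'bEnhancedSecurityStandalone';
       Want = 1; PolicyName = 'bEnhancedSecurityStandalone'; PolicyWant = 1 },
    @{ Setting = 'Enhanced Security (in browser)';    SubKey = 'TrustManager'; Name = 'bEnhancedSecurityInBrowser';
       Want = 1; PolicyName = 'bEnhancedSecurityInBrowser';  PolicyWant = 1 },
    @{ Setting = 'Protected View for all files';      SubKey = 'TrustManager'; Name = 'iProtectedView';
       Want = 2; PolicyName = 'iProtectedView';              PolicyWant = 2 }
)

function Get-RegValue {
    # Returns the registry value, or $null when the key or the value does not exist.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Test-ReaderHardening {
    foreach ($c in $Checks) {
        # A policy value wins over the per-user preference, so look there first.
        $source = 'policy'
        $want   = $c.PolicyWant
        $value  = Get-RegValue -Path $PolicyRoot -Name $c.PolicyName
        if ($null -eq $value) {
            $source = 'user'
            $want   = $c.Want
            $value  = Get-RegValue -Path (Join-Path $ReaderRoot $c.SubKey) -Name $c.Name
        }

        if ($null -eq $value) {
            # Nothing written yet: Reader falls back to its built-in default,
            # which this script does not guess at.
            $source = 'none'
            $status = 'NOT SET (application default applies)'
        } elseif ($value -eq $want) {
            $status = 'OK'
        } else {
            $status = 'CHANGE'
        }

        New-Object PSObject -Property @{
            Setting  = $c.Setting
            Source   = $source
            Value    = $value
            Expected = $want
            Status   = $status
        } | Select-Object Setting, Source, Value, Expected, Status
    }
}

Test-ReaderHardening | Format-Table -AutoSize
```

A row with status `CHANGE` or `NOT SET` means the option should be set in Edit, Preferences as the post describes; the script itself changes nothing.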
15.03.2013, 15:06 | #13 |
| Hello, sorry, I was not able to carry out the instructions over the last few days. I have now completed the last steps. AdwCleaner did not restart the computer at any point. Here is the log after the first scan: Code:
# AdwCleaner v2.114 - Datei am 15/03/2013 um 15:02:35 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-LAP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\***\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v25.0.1364.152

Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [764 octets] - [15/03/2013 15:02:35]

########## EOF - C:\AdwCleaner[R1].txt - [823 octets] ########## |
28.03.2013, 19:59 | #14 |
/// Malware-holic | Sorry, I was on holiday and then ill. If you do not already have it, please download OTL by OldTimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
|
29.03.2013, 19:18 | #15 |
| Here is the OTL.txt Code:
ATTFilter OTL logfile created on: 29.03.2013 18:39:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,93% Memory free 15,79 Gb Paging File | 13,66 Gb Available in Paging File | 86,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238,37 Gb Total Space | 171,58 Gb Free Space | 71,98% Space Free | Partition Type: NTFS Drive E: | 14,17 Mb Total Space | 14,08 Mb Free Space | 99,34% Space Free | Partition Type: FAT Computer Name: RON-LAP | User Name: ron | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.22 18:19:43 | 001,104,280 | ---- | M] (Spotify Ltd) -- C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013.03.15 06:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013.03.12 08:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.03.05 11:02:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe PRC - [2013.02.21 12:45:04 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Users\****\AppData\Local\Skillbrains\lightshot\3.4.0.0\LightShot.exe PRC - [2013.01.28 13:08:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\****\AppData\Local\Akamai\netsession_win.exe PRC - [2013.01.18 18:25:00 | 003,729,400 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2013.01.09 17:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe PRC - [2013.01.09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012.12.17 17:14:10 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe PRC - [2012.12.17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) 
-- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.09.20 07:44:16 | 000,296,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe PRC - [2012.08.23 03:50:22 | 000,403,888 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2012.08.23 03:49:48 | 006,049,096 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe PRC - [2012.07.24 15:13:58 | 000,943,856 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe PRC - [2012.06.25 18:06:04 | 000,076,872 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe PRC - [2012.03.05 04:07:46 | 000,468,920 | ---- | M] (KaiJet) -- C:\Users\****\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\WormholeKM.exe PRC - [2011.10.18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011.10.18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011.10.18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011.10.18 11:49:48 | 000,846,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2011.09.16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2011.01.12 18:00:42 
| 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.01.12 18:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.01 16:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010.09.08 10:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
PRC - [2010.05.03 16:13:24 | 001,063,936 | ---- | M] (DATEV eG) -- C:\Program Files (x86)\DATEV-SiPa-compact\DVcServ.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.14 16:50:55 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.19 15:07:32 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013.01.19 15:07:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013.01.19 13:47:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.19 13:46:01 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.19 13:45:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.19 13:45:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.19 13:45:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.19 13:45:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.19 13:45:35 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.10.08 11:42:56 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2012.08.23 03:35:38 | 013,873,200 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
MOD - [2012.08.23 03:31:22 | 001,590,656 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\icudt38.dll
MOD - [2012.07.24 14:48:28 | 000,012,160 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
MOD - [2011.06.14 08:07:16 | 000,036,688 | ---- | M] () -- C:\Users\****\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\OSW08.dll
MOD - [2011.04.28 08:50:48 | 000,039,760 | ---- | M] () -- C:\Users\****\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\2208KM_HID.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.06.10 13:39:20 | 000,073,728 | ---- | M] () -- C:\Users\****\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\ProdLic.DLL
MOD - [2009.07.14 18:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

========== Services (SafeList) ==========

SRV - [2013.03.16 17:41:42 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.15 06:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.18 18:25:00 | 003,729,400 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013.01.09 17:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.01.09 17:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013.01.08 17:23:50 | 000,277,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.08.23 13:39:38 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.08.23 03:50:44 | 001,127,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012.08.18 21:22:02 | 007,027,752 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2012.07.18 00:52:16 | 000,659,472 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2012.06.25 18:06:00 | 000,242,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012.02.26 05:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV - [2012.02.26 05:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.02.26 05:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.02.26 05:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.10.18 11:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.10.18 11:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.10.18 11:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.01.12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.11.29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.09.08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010.09.08 10:44:42 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010.09.08 10:42:42 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.03.15 06:53:06 | 000,284,448 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2013.03.15 06:53:06 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013.01.18 18:25:00 | 001,340,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013.01.18 18:25:00 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013.01.18 18:24:59 | 001,093,256 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013.01.18 18:24:59 | 000,228,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2013.01.18 18:24:59 | 000,166,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2013.01.18 18:24:58 | 000,340,104 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013.01.18 18:24:58 | 000,155,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012.12.13 16:24:10 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.12.12 16:42:28 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.18 00:49:00 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.07.18 00:49:00 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.03.26 14:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.20 12:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2011.10.11 13:08:00 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.10.10 16:43:16 | 000,288,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.09.13 16:14:44 | 000,212,992 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.09.13 16:14:42 | 000,095,744 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.08.29 16:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.17 09:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.12.15 09:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010.11.29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.07.02 01:46:58 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010.06.11 02:14:42 | 001,799,808 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2009.10.08 14:41:42 | 000,025,344 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KOBCCEX.sys -- (KOBCCEX)
DRV:64bit: - [2009.10.08 14:41:26 | 000,104,576 | ---- | M] (KOBIL Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KOBCCID.sys -- (KOBCCID)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.13 12:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 AC 9A AE 6B F5 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.01.21 10:24:32 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: LastPass = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0\
CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.03.05 20:50:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O2:64bit: - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO64002.dll (DATEV eG)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30} - C:\Program Files (x86)\DATEV-SiPa-compact\DVCCSASCardBHO002.dll (DATEV eG)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelMyWiFiDashboard] C:\Program Files\Intel\WiFi\bin\CCDashServer.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DVCServ] C:\Program Files (x86)\DATEV-SiPa-compact\DVCSERV.exe (DATEV eG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\****\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [CS Dispatch] C:\Users\****\AppData\Roaming\KaiJet\Wormhole KM Switch\FunctModules\{23863E42-6AAC-482c-81D2-BD6A23CCFEF8}\WormholeKM.exe (KaiJet)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [LightShot] C:\Users\****\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\****\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\****\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk = C:\Program Files (x86)\Profi cash\wzed.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: LastPass - file://C:\Users\****\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Ausfüllformulare - file://C:\Users\****\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: LastPass - file://C:\Users\****\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Ausfüllformulare - file://C:\Users\****\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: datev.at ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.at ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.com ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.com ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([www] http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datev.de ([www] https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevnet.de ([*.services] https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevstadt.de ([]http is out of zone range - 5)
O15 - HKCU\..Trusted Domains: datevstadt.de ([]https is out of zone range - 5)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0807CC08-D6C4-44E5-B015-989B3AAAECBF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C03464F-34A9-4139-91C2-866ADB9002EF}: DhcpNameServer = 10.0.206.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F288F3C-973E-48F7-B528-C431D387807C}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe 
C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework 
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.03.21 12:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.15 14:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.11 10:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.03.11 10:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.03.06 20:36:19 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2013.03.06 20:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.05 23:11:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.05 20:52:34 | 000,000,000 | ---D | C] -- 
C:\Windows\temp [2013.03.05 20:46:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.05 20:46:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.05 20:46:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.05 20:46:05 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.03.05 20:46:02 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.05 20:45:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.05 20:44:08 | 005,036,545 | R--- | C] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe [2013.03.05 18:56:36 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe [2013.03.05 12:03:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.03.05 11:02:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.03.01 13:27:57 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2013.03.01 13:27:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe [2013.03.01 11:56:04 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\PDAppFlex [2013.03.01 11:26:08 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.03.01 11:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2013.01.18 17:57:37 | 014,794,312 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe ========== Files - Modified Within 30 Days ========== [2013.03.29 18:33:50 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.29 18:33:50 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.29 18:33:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.29 15:11:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\update-sys.job [2013.03.29 14:48:00 | 000,000,384 | ---- | M] () -- 
C:\Windows\tasks\update-S-1-5-21-2255338799-3120107091-2216546697-1000.job [2013.03.29 13:20:00 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.29 13:20:00 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.29 13:18:17 | 001,621,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.29 13:18:17 | 000,700,380 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.29 13:18:17 | 000,655,052 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.29 13:18:17 | 000,149,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.29 13:18:17 | 000,121,924 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.29 13:13:06 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.29 13:12:45 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys [2013.03.27 13:35:01 | 000,001,456 | ---- | M] () -- C:\Users\****\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2013.03.27 11:30:46 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-Bit.lnk [2013.03.26 14:15:12 | 000,001,046 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.03.26 14:15:07 | 000,001,010 | ---- | M] () -- C:\Users\****\Desktop\Dropbox.lnk [2013.03.25 10:50:31 | 000,000,436 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2013.03.22 14:29:01 | 000,014,018 | ---- | M] () -- C:\Users\****\Documents\invoice_028-7674881-3093104_1069154.pdf [2013.03.22 14:28:58 | 000,014,032 | ---- | M] () -- C:\Users\****\Documents\invoice_028-7674881-3093104_1066312.pdf [2013.03.15 15:04:41 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.03.15 14:54:13 | 000,597,667 | ---- | M] () -- C:\Users\****\Desktop\adwcleaner.exe [2013.03.15 06:53:06 | 000,017,738 | ---- 
| M] () -- C:\Windows\SysNative\nvinfo.pb [2013.03.14 14:26:31 | 000,028,630 | ---- | M] () -- C:\Users\****\Desktop\picking_note_invoice_sorted_14032013142620.pdf [2013.03.14 13:04:41 | 000,004,040 | ---- | M] () -- C:\Users\****\Desktop\giesbrecht.pdf [2013.03.13 17:24:01 | 003,065,455 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2013.03.11 10:07:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.05 20:50:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.05 20:45:21 | 005,036,545 | R--- | M] (Swearware) -- C:\Users\****\Desktop\ComboFix.exe [2013.03.05 18:56:38 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\****\Desktop\tdsskiller.exe [2013.03.05 12:47:55 | 000,035,705 | ---- | M] () -- C:\Users\****\Desktop\logs.zip [2013.03.05 11:24:34 | 000,377,856 | ---- | M] () -- C:\Users\****\Desktop\gmer_2.1.19155.exe [2013.03.05 11:07:28 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable [2013.03.05 11:03:27 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe [2013.03.05 11:02:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.03.01 11:51:59 | 000,001,522 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Application Manager.lnk [2013.03.01 11:26:06 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk [2013.02.28 10:47:33 | 000,000,538 | ---- | M] () -- C:\Users\****\AppData\Local\UserProducts.xml ========== Files Created - No Company Name ========== [2013.03.27 11:30:46 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.1 64-Bit.lnk [2013.03.27 11:30:46 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 4.1 64-Bit.lnk [2013.03.22 14:29:01 | 000,014,018 | ---- | C] () -- C:\Users\****\Documents\invoice_028-7674881-3093104_1069154.pdf [2013.03.22 14:28:58 | 000,014,032 | ---- | C] () -- 
C:\Users\****\Documents\invoice_028-7674881-3093104_1066312.pdf [2013.03.16 17:41:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.15 14:54:09 | 000,597,667 | ---- | C] () -- C:\Users\****\Desktop\adwcleaner.exe [2013.03.14 14:26:31 | 000,028,630 | ---- | C] () -- C:\Users\****\Desktop\picking_note_invoice_sorted_14032013142620.pdf [2013.03.14 13:04:41 | 000,004,040 | ---- | C] () -- C:\Users\****\Desktop\giesbrecht.pdf [2013.03.11 10:07:59 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.03.05 20:46:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.05 20:46:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.05 20:46:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.05 20:46:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.05 20:46:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.05 12:47:55 | 000,035,705 | ---- | C] () -- C:\Users\****\Desktop\logs.zip [2013.03.05 11:24:33 | 000,377,856 | ---- | C] () -- C:\Users\****\Desktop\gmer_2.1.19155.exe [2013.03.05 11:07:28 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable [2013.03.05 11:03:27 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe [2013.03.01 11:53:13 | 000,001,235 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk [2013.03.01 11:52:36 | 000,001,357 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk [2013.03.01 11:52:35 | 000,001,523 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk [2013.03.01 11:52:26 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2013.03.01 11:52:14 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk [2013.03.01 11:26:06 | 000,001,043 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2013.03.01 11:26:06 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk [2013.01.30 14:13:58 | 000,001,456 | ---- | C] () -- C:\Users\****\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2013.01.19 14:30:26 | 000,000,538 | ---- | C] () -- C:\Users\****\AppData\Local\UserProducts.xml [2013.01.18 20:57:07 | 001,598,978 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.18 17:00:10 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI [2013.01.18 16:59:01 | 000,000,097 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI [2013.01.18 16:57:17 | 000,000,098 | ---- | C] () -- C:\Windows\STARTUP.INI [2013.01.18 13:33:42 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- 
C:\Windows\11317231_110F1461_ca.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin 
[2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin [2013.01.18 13:13:26 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin [2013.01.18 13:13:26 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin [2013.01.18 13:13:26 | 000,000,434 | ---- 
| C] () -- C:\Windows\11317231_890F1461_ca.bin [2013.01.18 13:13:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin [2013.01.18 13:13:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin [2013.01.18 13:13:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin [2013.01.18 13:13:26 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin [2013.01.18 13:13:26 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin [2013.01.18 13:13:26 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin [2013.01.18 13:13:26 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin [2012.12.12 16:41:24 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.18 18:53:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\4Team [2013.01.18 22:26:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Acronis [2013.03.01 13:27:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2013.01.18 20:56:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CodeTwo [2013.01.18 20:57:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CodeTwo Sync for iCloud [2013.03.01 11:26:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.01.18 16:56:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DATEV [2013.03.29 18:38:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dropbox [2013.03.18 12:48:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla [2013.01.30 08:45:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\KaiJet [2013.02.08 10:37:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\kompozer.net [2013.01.18 13:19:11 | 000,000,000 | ---D | M] -- 
C:\Users\****\AppData\Roaming\PCDr [2013.03.01 11:56:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PDAppFlex [2013.01.21 10:27:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PDF Architect [2013.01.21 10:24:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\pdfforge [2013.03.29 18:33:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Spotify [2013.03.22 23:45:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client [2013.02.12 17:04:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ts3overlay ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.03.05 23:11:23 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2013.03.05 20:52:34 | 000,000,000 | ---D | M] -- C:\ComboFix [2013.01.18 16:59:40 | 000,000,000 | ---D | M] -- C:\DATEV [2013.01.18 09:58:04 | 000,000,000 | ---D | M] -- C:\Dell [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2013.01.18 09:06:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.01.18 22:21:33 | 000,000,000 | ---D | M] -- C:\Intel [2013.01.18 13:48:35 | 000,000,000 | R--D | M] -- C:\MSOCache [2013.01.18 09:53:56 | 000,000,000 | ---D | M] -- C:\Neuer Ordner [2013.02.17 17:46:02 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.03.15 14:54:25 | 000,000,000 | R--D | M] -- C:\Program Files [2013.03.22 18:20:46 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.03.06 20:35:56 | 000,000,000 | ---D | M] -- C:\ProgramData [2013.01.18 09:06:00 | 000,000,000 | -HSD | M] -- C:\Programme [2013.03.05 20:52:34 | 000,000,000 | ---D | M] -- C:\Qoobox [2013.01.18 09:06:00 | 000,000,000 | ---D | M] -- C:\Recovery [2013.03.29 18:42:25 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.03.26 16:21:29 | 000,000,000 | ---D | M] -- C:\temp [2013.02.17 17:48:49 | 000,000,000 | R--D | M] -- C:\Users [2013.03.26 16:27:44 | 000,000,000 
| ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,029,106 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013.01.18 11:53:35 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013.01.18 11:53:35 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2013.01.19 14:30:26 | 000,000,384 | ---- | C] () -- C:\Windows\Tasks\update-S-1-5-21-2255338799-3120107091-2216546697-1000.job [2013.01.19 14:30:26 | 000,000,384 | ---- | C] () -- C:\Windows\Tasks\update-sys.job [2013.03.16 17:41:42 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 
000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- 
C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- 
C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] 
(Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- 
C:\Windows\erdnt\cache64\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | 
M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < %USERPROFILE%\*.* > [2013.03.05 11:07:28 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable [2013.03.29 18:50:06 | 003,407,872 | 
< End of report > The program did not generate another one. Or rather, where would it have to be located? Thanks and regards, Dachratte |